nanog mailing list archives
Re: Jenkins amplification
From: Michael Thomas <mike () mtcc com>
Date: Mon, 3 Feb 2020 11:43:54 -0800
On 2/3/20 10:48 AM, Christopher Morrow wrote:
Sorry, to be a little less flippant and a bit more productive: "I don't think every remote endpoint needs full access (or even some compromise based on how well you can/can't scale your VPN box's policies) access to the internal network. I think you don't even want to provide this access based on some loose ideas about 'ip address' and 'vpn identity'." Ideally you'd be able to authenticate and authorize and even account(!) based on a real user-id + passwd + token (2fa thing). Somethign akin to this: https://cloud.google.com/beyondcorp/ maybe using the googz work directly isn't your cup-o-joe(jane?) but... the idea itself is the point I was aiming for.
So somebody is using the internet as it was originally designed. Will miracles never cease.
Mike
Current thread:
- Re: Jenkins amplification, (continued)
- Re: Jenkins amplification Christopher Morrow (Feb 03)
- Re: Jenkins amplification Christopher Morrow (Feb 03)
- Re: Jenkins amplification Matt Harris (Feb 03)
- Re: Jenkins amplification Matt Harris (Feb 03)
- Re: Jenkins amplification Jean | ddostest.me via NANOG (Feb 03)
- Re: Jenkins amplification Ryan Hamel (Feb 03)
- Re: Jenkins amplification Jean | ddostest.me via NANOG (Feb 03)
- Re: Jenkins amplification Christopher Morrow (Feb 03)
- Re: Jenkins amplification Mike Meredith (Feb 04)
- Re: Jenkins amplification Christopher Morrow (Feb 04)
- Re: Jenkins amplification Michael Thomas (Feb 03)
- Re: Jenkins amplification Sabri Berisha (Feb 03)
- Re: Jenkins amplification Christopher Morrow (Feb 03)
- Re: Jenkins amplification Large Hadron Collider (Feb 04)
- Re: Jenkins amplification Daryl (Feb 04)
- Re: Jenkins amplification Randy Bush (Feb 03)